[Dave Birch] I've been think about a recent Guardian Unlimited article that began by posing the big question: how do you cut online crime, tackle child pornography, halt crippling viruses and get rid of spam? The article then goes on to talk about a couple of research projects: researchers in the US want at least $350m (£175m) to build the Global Environment for Network Innovations (Geni) and in Europe, similar projects are under way as part of the EU's Future and Internet Research (Fire) programme, which is expected to cost at least £27m. While this will undoubtedly be money well spent, I think that Jonathan Zittrain, professor of internet governance and regulation at the Oxford Internet Institute, cuts to the core of the issues with his comment:

There's a real need to have better identity management, to declare your age and to know that when you're talking to, say, Barclays bank, that you're really doing so.

The backers of Geni are hoping that it can find answers to problems like this. It is supported by America's National Science Foundation and has a timescale of 10-15 years. Hhhmmm. Dipankar Raychaudhuri, a professor at Rutgers University in New York, says

Once you've built something as large and complex as the internet it is difficult to start over again.

Quite, but do we really need to?

Technorati Tags: identity, internet, privacy

On the one hand, the Internet works tolerably well and some form of digital identity management infrastructure -- while undoubtedly complex to bring together in practice -- can at least be imagined. Yet there are people who think that this won't be enough. Ben Laurie has previously pointed out that identity management systems are not the only way you are identified and tracked. And this is a problem, because if society chooses a particular kind of identity management system -- perhaps one which responds to European sensibilities around privacy and data protection -- but has to deliver it on top of a surveillance infrastructure (ie, the current Internet or something similar), then society's political choices are subverted. In other words, there must be a substrate of anonymity to make higher level choices about pseduonymity or conditional anonymity valid. I am entirely sympathetic to this line of argument, but I just cannot see how engineers will be able to persuade governments, law enforcement agencies and tabloid newspapers that it's better for society in the long term to allow certain kinds of anonymity in certain circumstances.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

Comments

> There's a real need to have better identity management, ...

I've not seen that need, at least, not in the current Internet. Any supplier that needs "identity" can happily use an ex-internet method to provide this. It's simply not clear that we should be demanding board, IP-stack-based protocol, bits, memory, etc to understand and "know" identity.

On the other hand, there are "identity" capabilities around. Why aren't client-side certs used? If the answer is "too difficult," is the question, "I want something for free?"

Posted by: Iang | 16/08/2007 at 12:56 AM